// GLOSSARY -- SECURITY & COMPLIANCE

What is Operational Security (OpSec)?

1 min read Updated

Operational security (OpSec) in crypto encompasses the practices and procedures that protect private keys, accounts, and systems from compromise — extending beyond code security to include human and procedural safeguards.

WHY IT MATTERS

Code can be perfect and still lose funds if operational security fails. OpSec covers: key management procedures, access control policies, deployment practices, monitoring and alerting, and incident response plans.

Common OpSec failures: storing keys in environment variables that get committed to git, using SMS 2FA, sharing keys through insecure channels, and single-point-of-failure admin access.

Good OpSec is layered: hardware wallets for key storage, multisig for access control, timelocks for changes, monitoring for anomaly detection, and incident response for when things go wrong.

FREQUENTLY ASKED QUESTIONS

What are the biggest OpSec mistakes?
Exposing private keys in code/logs, using SMS for 2FA, single-signer admin access, and no monitoring for unusual activity. These are more common than smart contract bugs.
How should teams manage keys?
Multisig wallets, hardware wallets for individual signers, key rotation policies, and separation of duties. No single person should be able to drain funds.
What is an incident response plan?
Predefined steps for security incidents: detection, assessment, containment (pause contracts if possible), communication, and recovery. Having a plan before you need it is essential.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.